feat(training-agent): wire BuyerAgentRegistry on all v6 tenants + sandbox-mode adaptation for SDK 6.8.0#4026
Merged
Merged
Conversation
Phase 1 BuyerAgentRegistry adoption per adcp-client#1269. Unblocked by SDK 6.8.0's extra-forwarding fix (issue #1484 / PR #1488 — both filed and reviewed in this session). - SDK pin bumped to ^6.8.0. - Bearer authenticator stamps extra: { demo_token: token } on the AuthPrincipal returned for demo-* test bearers. The token doesn't survive AdcpCredential normalization (api_key carries key_id: SHA-256(token)); extra is the documented escape hatch for prefix-based test conventions. - New buyer-agent-registry.ts — BuyerAgentRegistry.bearerOnly resolver that reads extra.demo_token, delegates to commercial-relationships.ts for the principal → relationship lookup (single source of truth), and returns a BuyerAgent record with the appropriate billing_capabilities Set. Unrecognized credentials return null (uniform-response rule). Signed credentials are refused per the bearerOnly factory's posture. - All six v6 tenant platforms wire agentRegistry: trainingBuyerAgentRegistry — sales, signals (v6-platform.ts), governance, creative, creative-builder, brand. Framework calls agentRegistry.resolve(authInfo) once per request before accounts.resolve and threads the resolved record through ctx.agent to platform handlers. No gate-logic changes. commercial-relationships.ts remains the source of truth and the legacy /mcp path keeps consuming it via handleSyncAccounts. The v6 platforms now ALSO have ctx.agent.billing_capabilities populated — forward-compat for SDK Phase 2 (adcp-client#1292) framework-level enforcement of BILLING_NOT_PERMITTED_FOR_AGENT. Tests: 6 new unit tests on the registry resolver covering all branches (prefix matching, missing extra, defensive type-checks, http_sig refusal). Existing sync-accounts-gates integration test (11 tests) and account-handlers unit test (22 tests) all pass — proves the gate logic still fires correctly under the new wiring. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Phase 1 BuyerAgentRegistry adoption (per adcp-client#1269). Unblocked by SDK 6.8.0's
extra-forwarding fix — issue #1484 (filed earlier in this session) → PR #1488 → shipped in 6.8.0.Also bundles the SDK 6.8.0 sandbox-mode adaptation: 6.8.0 added a new
comply_test_controllergate (isSandboxOrMockAccount) that requires resolved accounts to be in sandbox/mock mode. Training-agent operates as a public sandbox by design but didn't communicate that on the wire. Without this fix, the SDK bump alone would FORBIDDEN-reject every comply-controller storyboard. Pre-push storyboard floors confirm: all six tenants meet baselines after the fix.What landed
^6.8.0.extra: { demo_token: token }on the AuthPrincipal returned fordemo-*test bearers (server/src/training-agent/index.ts). The token doesn't surviveAdcpCredentialnormalization (api_key.key_idis SHA-256 hashed);extrais the documented escape hatch for prefix-based test conventions.buyer-agent-registry.ts—BuyerAgentRegistry.bearerOnlyresolver that readsextra.demo_token, delegates tocommercial-relationships.tsfor the principal → relationship lookup, and returns aBuyerAgentrecord with the appropriatebilling_capabilitiesSet.agentRegistry: trainingBuyerAgentRegistry. The framework callsagentRegistry.resolve(authInfo)once per request beforeaccounts.resolveand threads the resolved record throughctx.agentto platform handlers — forward-compat for SDK Phase 2 framework-level enforcement.sandbox: trueadded to allaccounts.resolvereturn values across the six v6 platforms (bothref == nullsynthetic-public-sandbox and brand/operator-resolved paths). Required by SDK 6.8.0's new comply_test_controller gate.No gate-logic changes.
commercial-relationships.tsremains the source of truth; legacy/mcpkeeps consuming it viahandleSyncAccounts. The v6 path now also hasctx.agent.billing_capabilitiespopulated.Tests
buyer-agent-registry.test.tscovering all branches (passthrough/agent-billable prefix resolution, unrecognized prefix → null, missing extra → null, defensive type-checks, http_sig refusal).sync-accounts-gates.test.ts(11 tests) andaccount-handlers.test.ts(22 tests) all pass — proves gate logic still fires correctly.Phase 2 outlook
When SDK Phase 2 ships framework-level enforcement, the only remaining work is to delete the gate logic from
account-handlers.tsand let the framework rejectBILLING_NOT_PERMITTED_FOR_AGENTagainstctx.agent.billing_capabilitiesdirectly.commercial-relationships.tsstays as the registry's data source.Cross-links
accounts.upsertwiring (merged, prerequisite for this work)🤖 Generated with Claude Code